技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.2
统计:⭐ 1 · 1.3k · 2 current installs · 2 all-time installs
⭐ 1
安装量(当前) 2
🛡 VirusTotal :良性 · OpenClaw :良性
Package:atlaspa/openclaw-sentinel
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's code, instructions, and requirements are coherent with a local supply-chain scanner: it only needs python3, scans a workspace, and writes local evidence, but you should review provenance and be aware it will create files in your workspace and can quarantine skills if enabled.
目的
Name and description match what is present: a Python-based scanner that inspects skill directories for obfuscation, suspicious patterns, and known-bad hashes. Required binary is only python3, which is appropriate for the functionality.
说明范围
Runtime instructions tell the agent to scan or inspect skill directories and to read/write local workspace state (e.g., create .sentinel, .quarantine). That behavior is within scope for a scanner, but the skill will traverse and read many files under your workspace and will persist scan results and a threat DB under workspace/.sentinel (and may write quarantine evidence to workspace/.quarantine). The SKILL.md documents these behaviors; however…
安装机制
No install spec (instruction-only with included script). Nothing pulls remote code at runtime; the code claims to use only the Python standard library and does not declare external package installs. This is low installation risk, but you should obtain the skill from a trusted source (the registry metadata lists no homepage).
证书
The skill does not request credentials and only needs python3. It uses OPENCLAW_WORKSPACE (and falls back to current directory / ~/.openclaw/workspace) to locate the workspace — that environment variable is referenced in SKILL.md but is not listed in the registry 'required env vars' field, which is a metadata mismatch. The scanner also looks for code that reads env vars inside scanned skills (e.g., patterns for SECRET/TOKEN usage) — that is ex…
持久
always:false and model invocation allowed (default). The tool writes its own data under the target workspace (.sentinel, .quarantine) which is expected for a scanner. There is code and constants related to quarantining, but SKILL.md/README state that automated blocking/quarantine features are part of a 'pro' offering — verify whether any destructive actions (renaming/moving skill dirs) are opt-in.
综合结论
This appears to be a legitimate local supply-chain scanner that only needs python3 and will read and write under your OpenClaw workspace. Before installing or running: (1) obtain the repository from a trusted source (registry shows no homepage), (2) review the full scripts/sentinel.py for any code paths that rename/move skill directories or make outbound network calls, (3) run it first in a copied/isolated workspace if you are worried about qu…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Openclaw Sentinel」。简介:Supply chain security for agent skills. Pre-install inspection, post-install sc…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/atlaspa/openclaw-sentinel/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。